Help Center> Elastic Cloud Server> Best Practices> Setting Up an FTP Site (Linux)
Updated on 2023-11-13 GMT+08:00

Setting Up an FTP Site (Linux)

Application Scenarios

The best practices for Huawei Cloud ECS guide you through the setup of an FTP site on a Linux ECS using very secure FTP daemon (vsftpd). vsftpd is an FTP server software that is widely used in Linux releases. The CentOS 7.2 64bit OS is used as an example in this section.

Solution Architecture

Figure 1 Setting up an FTP site (Linux)

Advantages

  • A website with a simple networking architecture can be quickly set up.
  • The website is secure and easy to use.

Resource and Cost Planning

Table 1 Resources and costs

Resource

Description

Cost

VPC

VPC CIDR block: 192.168.0.0/16

Free

Subnet

  • AZ: AZ1
  • CIDR block: 192.168.0.0/24

Free

Security group

Inbound rule (active mode):
  • Protocol/Application: TCP
  • Ports: 20 and 21
  • Source: 0.0.0.0/0
Inbound rule (passive mode):
  • Protocol/Application: TCP
  • Port: 21 and ports configured in vsftpdconf
  • Source: 0.0.0.0/0

Free

ECS

  • Billing mode: Yearly/Monthly
  • AZ: AZ1
  • Flavor: s6.large.2
  • Image: CentOS 7.2 64bit
  • System disk: 40 GB
  • EIP: Auto assign
  • EIP type: Dynamic BGP
  • Billed by: Traffic
  • Bandwidth: 5 Mbit/s

The following resources incur costs:

  • ECSs
  • EVS disks
  • EIPs

For billing details, see Billing.

vsftpd

A free, open-source FTP software.

Free

Process

The process of manually setting up an FTP website on a Linux ECS is as follows:
  1. Install vsftpd.
  2. Configure vsftpd.
  3. Configure a security group.
  4. Verify the configuration on the client.

Procedure

  1. Install vsftpd.

    1. Log in to the ECS.
    2. To obtain and update the system and software, update the image source to a Huawei Cloud image source. For details, see How Can I Use an Automated Tool to Configure a Huawei Cloud Image Source (x86_64 and Arm)?
    3. Run the following command to install vsftpd:

      yum install -y vsftpd

      If information similar to the following is displayed, vsftpd has been installed.

    4. Run the following command to configure automatic FTP enabling upon ECS startup:

      systemctl enable vsftpd.service

    5. Run the following command to start FTP:

      systemctl start vsftpd.service

    6. Run the following command to obtain the port running FTP:

      netstat -antup | grep ftp

      Information similar to the following is displayed.

  2. Configure vsftpd.

    After vsftpd is installed, anonymous FTP is enabled by default, allowing you to log in to the FTP server without requiring the login username and password. However, you are not allowed to modify or upload files. If you attempt to log in to the FTP server using the Linux OS account, your request will be rejected by vsftpd, but you are allowed to configure the username and password in vsftpd for logging in to the FTP server. To do so, perform the following operations:

    1. Create a user.

      For example, to create user ftpadmin, run the following command:

      useradd ftpadmin

    2. Run the following command to configure the password of user ftpadmin:

      passwd ftpadmin

    3. Run the following command to create a file directory for the FTP server, /var/ftp/work01 is used as an example:

      mkdir /var/ftp/work01

    4. Run the following command to change the owner of the created file directory to the local user for logging in to the FTP server:

      chown -R ftpadmin:ftpadmin /var/ftp/work01

    5. Modify the vsftpd.conf configuration file.
      1. Run the following command to open the file:

        vi /etc/vsftpd/vsftpd.conf

      2. Press i to enter insert mode.
      3. Modify the vsftpd.conf file.

        Set FTP to active or passive mode based on site requirements. If other Huawei Cloud ECSs are required to use public IP addresses to access the FTP site that is set up on a Huawei Cloud ECS, set FTP to passive mode.

        • Parameters to be configured for the active FTP mode:
          #No anonymous login to the FTP server is allowed. Local users are allowed to log in to the FTP server with their local file directories specified.
          anonymous_enable=NO              #No anonymous login to the FTP server is allowed.
          local_enable=YES                 #Local users are allowed to log in to the FTP server.
          local_root=/var/ftp/work01       #Specifies the file directory used by a local FTP user.
          
          #The following parameter allows login users to visit their own home directories:
          chroot_local_user=YES                      #The directory access rule applies to all users.
          chroot_list_enable=YES                     #The directory access rule does not apply to exclusive users.
          chroot_list_file=/etc/vsftpd/chroot_list   #Specifies exclusive users.
          allow_writeable_chroot=YES                 
          
        • Apart from the parameters configured in active FTP mode, the following parameters are also required for passive FTP mode:
          #The public IP address of the FTP server and the range of accessible ports must also be configured.
          listen=YES                    
          listen_ipv6=NO                
          pasv_address=xx.xx.xx.xx      #Public IP address of the FTP server
                     
          pasv_min_port=3000            #Minimum port number in passive FTP mode
          pasv_max_port=3100            #Maximum port number in passive FTP mode
      4. Press Esc to exit insert mode. Then, enter :wq to save the settings and exit.
      5. Create the chroot_list file in /etc/vsftpd/.

        touch chroot_list

        The chroot_list file contains exclusive users to whom the home directory access rules do not apply. To allow a user to access non-home directories, add the username to this file. If there is no exclusive user, the chroot_list file can be left blank, but the file must be available.

    6. Run the following command to restart vsftpd for the configuration to take effect:

      systemctl restart vsftpd.service

  3. Configure a security group.

    After setting up the FTP site, add a rule in the inbound direction of the security group to allow packets to pass through the FTP port. For details, see Adding a Security Group Rule.

    Table 2 Security group rules

    FTP Mode

    Direction

    Protocol

    Port

    Source

    Active

    Inbound

    TCP

    Ports 20 and 21

    0.0.0.0/0

    Passive

    Inbound

    TCP

    Port 21 and all ports between the value of pasv_min_port and that of pasv_max_port in the /etc/vsftpd/vsftpd.conf file

    0.0.0.0/0

  4. Verify the configuration on the client.

    On the computer with the client installed, enter fttp://IP address of the FTP server:FTP port number in the Internet Explorer address bar. If you do not specify the port number, default port number 21 is used. If a dialog box is displayed for you to enter the username and password, the configuration is correct. After entering the username and password, you can perform operations on the FTP folder with assigned permissions.

    • If active FTP mode is selected, use this method to configure the Internet Explorer browser. Otherwise, the FTP folder will be inaccessible. To configure the Internet Explorer browser, choose Tools > Internet Options > Advanced, select Enable FTP folder view, and deselect Use Passive FTP.
    • If an error occurs when you use a browser to access the FTP server, clear the browser caches and try again.